Cloud Foundry and Platform as a Service (PaaS) are a hot market space. The return on investment that PaaS provides is compelling, as it offers improved efficiency in development, test and deployment of new applications, cost savings from a pay-as-you-go service model, and the ability to easily scale up and down. But what about security? How does security work in the emerging PaaS market? What are your options?
What if there was a security product that your company is likely already using to protect its critical infrastructure, that integrates with hundreds of applications and serves many use cases, helps to meet industry regulations, allows your company to define its “route to cloud” (more on that later), and is already integrated with Cloud Foundry PaaS? Well, there is! It’s called a SafeNet Network Hardware Security Module (HSM). HSMs provide secure storage for cryptographic key material and perform cryptographic operations within a FIPS Level 3, Common Criteria Level 4+ compliant hardware device.
In this article we won’t describe everything that HSMs do; rather, we will focus on 4 key values that SafeNet Network HSMs can provide to your company that pertain to Cloud Foundry PaaS.
- Bring security to your company’s high assurance use cases

When developing on an open source PaaS environment, like Cloud Foundry, storing the cryptographic keys used to protect your data on a SafeNet Network HSM that you control allows your company to attain the high assurance security needed to protect its cloud services and applications, and to meet compliance with regulatory requirements for strong key protection in PaaS environments. With SafeNet Network HSMs, your company has complete control of your data because only your organization has access to the encryption keys that secure your data. This can be illustrated with SafeNet Network HSMs’ auditable, compliant records of ownership and usage of the cryptographic keys and the applications that use them.
- Provides you with “route to cloud” security options – that no one else can

At Gemalto, we have been diligent in our pursuit to marry together high assurance security and cloud. We like to refer to this concept as securing our customers’ “route to cloud.” “Route to cloud” to Gemalto means allowing our customers to secure their applications, workloads, and data storage in whatever environment they choose. From virtualized data centers to public clouds, we protect our customers’ most sensitive data.

Gemalto has made some excellent progress over the years enabling our customers’ “route to cloud”. For example, working with Amazon Web Services (AWS) to help launch the world’s first Hardware Security Module (HSM) in the cloud (AWS uses SafeNet Network HSMs for their AWS CloudHSM service); delivering market-leading Authentication as a Service with SafeNet Authentication Service; and providing encryption for data stored in virtualized and cloud environments with SafeNet ProtectV, available in AWS, Microsoft Azure, and IBM Marketplaces, and others.

When we think about the cloud at Gemalto, we are thinking about our customers and the options they have to solve their business problems. For instance, how they are looking for opportunities to increase revenue, decrease costs, and build more efficient systems, all while mitigating security risks—especially as they move to take advantage of cloud compute and storage options for their applications.

Our customers are evaluating data center consolidation, private cloud, public cloud, hybrid cloud, and even multi-cloud options. While most are deploying in virtual consolidated data centers and private cloud-type scenarios, they are investing in systems that enable them to make the shift to public cloud environments when they are ready. Gemalto has placed great emphasis on securing our customers no matter which “route to cloud” they choose by making sure our products work in all environments.
From on-premises data centers all the way to multi-cloud environments, it is essential that we offer the tools that our customers need to work in the environments that their businesses require.
- Works seamlessly with PaaS

Adding PaaS support is an important part of our continued support for our customers and their evolving “route to cloud” choices. Early in 2015, Gemalto began taking a closer look at PaaS, and how our products could integrate and bring value as our own customers evaluated PaaS for their “route to cloud.” Our most advanced customers were using some of the leading PaaS vendors like VMware and IBM BlueMix. These same customers expressed interest in the Cloud Foundry Alliance, and its initiative to standardize and open source the PaaS offerings in the market.

Working with these customers, we wanted to make sure our security products, like our SafeNet Network HSM, integrated into the PaaS offerings seamlessly. Doing so would allow our customers to gain the security advantage and trust of SafeNet Network HSMs while taking advantage of the efficiency, scalability, and time to market benefits of PaaS. With some minor changes to our HSM client, we were able to do this, and have successfully tested our integration with both VMware Cloud Foundry and IBM BlueMix PaaS—and we expect that this will be the case with any of the other Cloud Foundry PaaS offerings.

We are proud to have worked with some great customers and partners in adding another option for our customers’ cloud security options. We are excited to grow our PaaS technology integrations with our entire portfolio of SafeNet Identity and Data Protection solutions, and we expect to expand our product integrations with PaaS beyond our SafeNet Network HSM in the near future.
- Works with over 400 of the most commonly used enterprise applications (the applications you already use in PaaS)

Built on industry standard APIs, SafeNet Network HSMs integrate with hundreds of the most commonly used enterprise applications for:
- Online banking
- Financial payment transactions
- Smart metering
- Code signing
- Application servers
- Secure manufacturing
- Blockchain and smart contracts
- Smart card issuance
- and hundreds more
This enables true application portability and multi-cloud use of cryptographic keys without the need for costly customization. Today, Gemalto works with hundreds of different partners to enhance the security of their offerings by integrating our authentication, data encryption, and key management solutions. Our continued investment in the Gemalto Technology partner ecosystem is another key component to securing our customers’ “route to cloud.” And we believe our continued leadership work to integrate PaaS and Gemalto security solutions will bring more opportunities to secure the “route to cloud” for our partners’ customers, and help them reach new customers.
To learn more about the SafeNet Network HSM integration with Cloud Foundry visit http://www6.gemalto.com/cloud-foundry-trial, and while you’re there, look for the link to try it out on Pivotal Web Services.
- Security x CF Meet Up – Tuesday, May 24, 2016 at 6:30pm PST in Santa Clara, CA
- Webinar: Security, Compliance and Hardware Security Modules in Cloud Foundry – Live on Thursday, June 2, 2016 at 1pm ET and on-demand